7.5
CVE-2023-28882
- EPSS 0.73%
- Veröffentlicht 28.04.2023 04:15:38
- Zuletzt bearbeitet 03.07.2025 20:59:18
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Owasp ≫ Modsecurity Version >= 3.0.5 < 3.0.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.73% | 0.494 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309/